policies extension for an example.
If an extension type is unsupported then the I<arbitrary> extension syntax
-must be used, see the L<ARBITRARY EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
+must be used, see the L</ARBITRARY EXTENSIONS> section for more details.
=head1 STANDARD EXTENSIONS
The following sections describe each supported extension in detail.
-=head2 Basic Constraints.
+=head2 Basic Constraints
This is a multi valued extension which indicates whether a certificate is
a CA certificate. The first (mandatory) name is B<CA> followed by B<TRUE> or
-B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by an
+B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by a
non-negative value can be included.
For example:
only be used to sign end user certificates and not further CAs.
-=head2 Key Usage.
+=head2 Key Usage
Key usage is a multi valued extension consisting of a list of names of the
permitted key usages.
keyUsage=critical, keyCertSign
-=head2 Extended Key Usage.
+=head2 Extended Key Usage
This extensions consists of a list of usages indicating purposes for which
the certificate public key can be used for,
extendedKeyUsage=serverAuth,clientAuth
-=head2 Subject Key Identifier.
+=head2 Subject Key Identifier
This is really a string extension and can take two possible values. Either
the word B<hash> which will automatically follow the guidelines in RFC3280
subjectKeyIdentifier=hash
-=head2 Authority Key Identifier.
+=head2 Authority Key Identifier
The authority key identifier extension permits two options. keyid and issuer:
both can take the optional value "always".
authorityKeyIdentifier=keyid,issuer
-=head2 Subject Alternative Name.
+=head2 Subject Alternative Name
The subject alternative name extension allows various literal values to be
included in the configuration file. These include B<email> (an email address)
CN=My Name
-=head2 Issuer Alternative Name.
+=head2 Issuer Alternative Name
The issuer alternative name option supports all the literal options of
subject alternative name. It does B<not> support the email:copy option because
issuerAltName = issuer:copy
-=head2 Authority Info Access.
+=head2 Authority Info Access
The authority information access extension gives details about how to access
certain information relating to the CA. Its syntax is accessOID;location
CN=Some Name
-=head2 Certificate Policies.
+=head2 Certificate Policies
This is a I<raw> extension. All the fields of this extension can be set by
using the appropriate syntax.
The following extensions are non standard, Netscape specific and largely
obsolete. Their use in new applications is discouraged.
-=head2 Netscape String extensions.
+=head2 Netscape String extensions
Netscape Comment (B<nsComment>) is a string extension containing a comment
which will be displayed when the certificate is viewed in some browsers.
=head1 SEE ALSO
-L<req(1)>, L<ca(1)>, L<x509(1)>,
+L<openssl-req(1)>, L<openssl-ca(1)>, L<openssl-x509(1)>,
L<ASN1_generate_nconf(3)>
=head1 COPYRIGHT